Filtered by vendor Deltaww
Subscribe
Total
170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13513 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. | |||||
| CVE-2019-13514 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. | |||||
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2023-02-28 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | |||||
| CVE-2023-0249 | 1 Deltaww | 1 Diascreen | 2023-02-16 | N/A | 7.8 HIGH |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-0251 | 1 Deltaww | 1 Diascreen | 2023-02-16 | N/A | 7.8 HIGH |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-0250 | 1 Deltaww | 1 Diascreen | 2023-02-16 | N/A | 7.8 HIGH |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-0124 | 1 Deltaww | 1 Dopsoft | 2023-02-09 | N/A | 7.8 HIGH |
| Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | |||||
| CVE-2023-0123 | 1 Deltaww | 1 Dopsoft | 2023-02-09 | N/A | 7.8 HIGH |
| Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | |||||
| CVE-2022-4634 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2023-02-09 | N/A | 7.8 HIGH |
| All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-0444 | 1 Deltaww | 1 Infrasuite Device Master | 2023-02-06 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator. | |||||
| CVE-2022-41778 | 1 Deltaww | 1 Infrasuite Device Master | 2023-01-23 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. | |||||
| CVE-2022-4616 | 1 Deltaww | 2 Dx-3021l9, Dx-3021l9 Firmware | 2023-01-19 | N/A | 9.1 CRITICAL |
| The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. | |||||
| CVE-2022-2966 | 1 Deltaww | 1 Dopsoft | 2022-12-27 | N/A | 7.5 HIGH |
| Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions. | |||||
| CVE-2022-2660 | 1 Deltaww | 1 Dialink | 2022-12-16 | N/A | 7.5 HIGH |
| Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | |||||
| CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2022-12-16 | N/A | 8.8 HIGH |
| Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | |||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2022-12-16 | N/A | 5.4 MEDIUM |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | |||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2022-12-16 | N/A | 7.2 HIGH |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | |||||
| CVE-2022-2969 | 1 Deltaww | 1 Dialink | 2022-12-07 | N/A | 7.5 HIGH |
| Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | |||||
| CVE-2019-6547 | 1 Deltaww | 1 Screeneditor | 2022-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. | |||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2022-11-18 | N/A | 8.8 HIGH |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||